Before doing any probes for a confidential VM, check that the tool is running under a hypervisor, rather than bare metal
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 virt-what-cvm.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/virt-what-cvm.c b/virt-what-cvm.c
index 407efb4..f184768 100644
--- a/virt-what-cvm.c
+++ b/virt-what-cvm.c
@@ -35,6 +35,9 @@ static bool dodebug = false;
 #define debug(...) do { if (dodebug) fprintf(stderr, __VA_ARGS__); } while(0)
+
+#define CPUID_PROCESSOR_INFO_AND_FEATURE_BITS 0x1
+
 /*
 * AMD64 Architecture Programmer’s Manual Volume 3:
 * General-Purpose and System Instructions.
@@ -72,6 +75,9 @@ static bool dodebug = false;
 #define CPUID_SIG_INTEL "GenuineIntel"
 #define CPUID_SIG_INTEL_TDX "IntelTDX "
+/* ecx bit 31: set => hyperpvisor, unset => bare metal */
+#define CPUID_FEATURE_HYPERVISOR (1 << 31)
+
 /*
 * This TPM NV data format is not explicitly documented anywhere,
 * but the header definition is present in code at:
@@ -335,11 +341,32 @@ cpu_sig_intel (void)
 puts ("intel-tdx");
 }
+static bool
+cpu_is_hv (void)
+{
+ uint32_t eax, ebx, ecx, edx;
+ bool is_hv;
+
+ eax = CPUID_PROCESSOR_INFO_AND_FEATURE_BITS;
+ ebx = ecx = edx = 0;
+
+ cpuid(&eax, &ebx, &ecx, &edx);
+
+ is_hv = ecx & CPUID_FEATURE_HYPERVISOR;
+
+ debug ("CPUID is hypervisor: %s\n", is_hv ? "yes" : "no");
+ return is_hv;
+}
+
 static void
 cpu_sig (void)
 {
 char sig[13];
+ /* Skip everything on bare metal */
+ if (!cpu_is_hv ())
+ return;
+
 memset (sig, 0, sizeof sig);
 cpuid_leaf (0, sig);
--
2.40.1
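Review bot: `CPUID_FEATURE_HYPERVISOR` in the second hunk is defined as `(1 << 31)`, which shifts a signed `int` into its sign bit; with a 32-bit `int` that is undefined behaviour in C, and the value is then ANDed with a `uint32_t` in cpu_is_hv in the third hunk. An unsigned constant avoids the problem: `#define CPUID_FEATURE_HYPERVISOR (1U << 31)`. The comment on the line above also misspells the word as "hyperpvisor"; `/* ecx bit 31: set => hypervisor, unset => bare metal */` is the corrected form.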
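Review bot: cpu_is_hv in the third hunk reads a clear ECX bit 31 as "bare metal", but that bit is whatever the virtualization layer chooses to report, so the new early return in cpu_sig makes the tool print nothing whenever the host does not advertise it. For a confidential-VM probe the host is presumably outside the trust boundary, so the function should carry a comment saying the result is a hint and not evidence, for example `/* Hint only: the hypervisor bit is supplied by the host's CPUID view; a clear bit does not prove bare metal and the output is not attestation */`. The only trace of the skipped probe is the debug line, which is silent unless `dodebug` is set; callers that need assurance should rely on an attestation report instead of this output. cpu_sig's body continues past the end of the hunk.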